
SCONE Configuration and Attestation Service (CAS)

SCONE CAS manages the secrets of an application, in particular its keys. The application is in complete control of these secrets: only services that the application's policy explicitly permits get access to keys, encrypted data, encrypted code and policies.

SCONE CAS Overview

Key generation. SCONE CAS can generate keys on behalf of an application. The generation is performed inside a trusted execution environment, and access to the keys is governed by a security policy defined by the application. Neither root users on the host nor SCONE CAS admins can access the keys or the security policies. Currently, SCONE CAS runs inside SGX enclaves.

Isolation. Users can run their own instances of SCONE CAS, so the secrets of different users, and of different applications, can be kept isolated from each other.

SCONE CAS Security Policy

Secure key and configuration provisioning without changing the application's source code: secrets, keys, and configuration parameters are provisioned via command line arguments, environment variables, and transparently encrypted files, all of which the application reads in the usual way.

SCONE Key Provisioning

Access control. To read or modify a policy, a client needs to prove, via TLS, that it knows the private key belonging to a public key specified in the policy. SCONE CAS grants access to the policy only to such clients, without exception. The client's access to that private key is typically itself controlled by a policy, possibly even the same one. Note that a client can obtain its private keys only after a successful attestation.

Management. The management of SCONE CAS can be delegated to a third party. The confidentiality and integrity of the policies and their secrets are ensured by CAS itself. Since the entity creating a policy has complete control over who can read or modify that policy, no admin managing SCONE CAS can override the application's access control on it.

SCONE Access Control

SCONE CAS supports peer-to-peer based attestation of services operated by mutually distrusting peers.

SCONE Peer-To-Peer

Encrypted Code. One can create images with encrypted Python, Java, JavaScript, C# or any other JIT-compiled or interpreted code on a trusted host. Alternatively, this code can also be generated inside an enclave. The code is transparently attested and decrypted inside an enclave, without any change to the Python engine, the Java virtual machine, or the other runtime involved. Note that SCONE CAS attests both the Python engine and the Python code.

SCONE Configuration
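The mechanisms described above (key provisioning through environment variables and transparently encrypted files, creator-only access control on the policy, and attestation of both the interpreter and the encrypted code) come together in a single CAS policy, called a session. The following is an added illustrative policy, not a policy from this page or from the SCONE project's own documentation. Field names follow the SCONE session language as I know it; the session name, service name, image name, file paths, the MRENCLAVE value and the FSPF key/tag placeholders are assumptions that must be replaced for a real deployment.

```yaml
# Illustrative SCONE CAS session (added example, not from the page or the SCONE docs).
# Placeholders in <...> are assumptions and must be replaced with real values.
name: payments-app            # secrets of this session are referenced as $$SCONE::<name>$$
version: "0.3"

# Access control: only the creator of this session, authenticated over TLS with the
# private key it used when posting the policy, may read or update it. No CAS admin
# is listed here, so none can override the application's own access control.
access_policy:
  read:
    - CREATOR
  update:
    - CREATOR

services:
  - name: api
    image_name: payments-image
    # Attestation of the engine: CAS releases the secrets below only to an enclave
    # whose measurement matches. Replace with the real MRENCLAVE of the Python enclave.
    mrenclaves: ["<MRENCLAVE of the Python interpreter enclave>"]
    command: python3 /app/main.py
    pwd: /app
    # Attestation of the code: /app holds Python files encrypted on a trusted host with
    # `scone fspf`; the key and integrity tag are released only to the attested enclave,
    # which then decrypts the files transparently as the interpreter reads them.
    fspf_path: /app/fspf.pb
    fspf_key: $$SCONE::fspf_key$$
    fspf_tag: $$SCONE::fspf_tag$$
    # Key provisioning without source changes: main.py simply reads os.environ["DB_PASSWORD"].
    environment:
      DB_PASSWORD: $$SCONE::db_password$$

images:
  - name: payments-image
    # A configuration file injected into the enclave's view of the file system, with the
    # secret filled in by CAS; it never exists in plaintext in the container image.
    injection_files:
      - path: /app/config.json
        content: |
          { "db_host": "db.internal", "db_password": "$$SCONE::db_password$$" }

secrets:
  # Generated by CAS inside its own enclave; never leaves a TEE in plaintext.
  - name: db_password
    kind: ascii
    size: 32
  # Key and tag printed by `scone fspf encrypt` when the code was encrypted on the trusted host.
  - name: fspf_key
    kind: binary
    value: "<hex key from scone fspf encrypt>"
  - name: fspf_tag
    kind: binary
    value: "<hex tag from scone fspf encrypt>"

# Development only: tolerating debug-mode lets a debug enclave, whose memory is readable
# from outside, obtain the secrets above. Remove this block for production policies.
security:
  attestation:
    tolerate: [debug-mode, hyperthreading, outdated-tcb]
```

The policy is posted to CAS over TLS. Because both `read` and `update` are restricted to `CREATOR`, only a client holding the private key that created the session can later inspect or change it, regardless of who operates the CAS instance. If the interpreter's MRENCLAVE or the FSPF tag does not match what an enclave presents at attestation, CAS withholds `DB_PASSWORD`, the FSPF key and the injected file, so neither the encrypted code nor the database credential becomes usable on an untrusted or tampered host.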